Program: JabaDot Web News Portal

Here is perhaps the most ambitious program developed in this book. It's the beginnings of a complete "news portal" web site, similar to http://www.slashdot.org/, http://www.deadly.org/, or http://daily.daemonnews.org/. However
(and as you should expect!), the entire site is written in Java. Or perhaps
should I say "written in or by Java," since the JSP mechanism -- which is
written entirely in Java -- turns the JSP pages into Java servlets that get run
on this site. The web site is shown in Figure 18-11.

Figure 18-11. JabaDot welcome page.

Like most portal sites, JabaDot allows some services (such as
the current news items and of course the ubiquitous banner ads) without
logging in, but requires a login for others. In this figure I am logged in as
myself, so I have a list of all available services. The page that supports
this view is index.jsp (Example 18-15), which contains a hodgepodge of HTML and Java code.

As you can see, this code actually starts with a "page" tag
(%@page) to specify an error handling page (the
error page just prints the stack trace neatly, along with an apology). Then
the output of the AdRotator servlet is included;
the program just randomly selects a banner advertisement and outputs it as an
HTML anchor around an IMG tag. Then I get the
HttpSession object and, from that, the current
User object, which is null if there is not a currently
logged-in user. The User class was discussed when
we talked about JavaBeans in JSPs (see Simplifying
Your JSP with a JavaBean); it's used as an ordinary object in most of
these JSPs, but as a bean in the newuser.jsp page,
when the user has entered all the fields on the "Create an Account" page.

Then there's an HTML table, which basically divides the rest of
the page into two large columns. The left side of the page is fairly wide and
contains the news stories, their headlines, the submitter's name, the time,
optionally a URL, and the text of the news article. A future version will
allow the user to send comments on the stories; as Slashdot has demonstrated,
this is an important part of "community building," part of the art of keeping
people coming back to your web site so you can show them more banner ads.
:-)

The navigator part is displayed differently depending on whether
you are logged in or not. If you're not, it begins with a login form, then
lists the few services that are publicly available as HTML anchors, with the
unavailable services in italic text. If you are logged in, there is a full
list of links and a logout page at the end.

Before you log in, you must create an account. The trick here is
that we require the user to give a valid email address, which we'll use for
various authentication purposes and, just possibly, to send them a monthly
newsletter by email. To ensure that the user gives a valid email address, we
email to them the URL from which they must download the password. Figure 18-12 shows the entry page for this. This form is processed by newuser.jsp.

// NOW add the user to the persistent database.
UserDB.getInstance( ).addUser(newUserBean);

// Create a temporary HTML file containing the full name
// and the new password, and mail the URL for it to the user.
// This will confirm that the user gave us a working email.
// NEVER show the nickname and the password together!
String tempDir = JDConstants.getProperty("jabadot.tmp_links_dir");
File tempLink = File.createTempFile(
r.nextInt( )+"$PW", ".html", new File(tempDir));
PrintWriter pw = new PrintWriter(new FileWriter(tempLink));
pw.print("<HTML><BODY>");
pw.print("Greetings ");
pw.print(newUserBean.getFullName( ));
pw.print(". Your new password for accessing JabaDot is <B>");
pw.print(newPass);
pw.print("</B>. Please remember this, or better yet, ");
pw.print("<a href=\"/jabadot/index.jsp\">");
pw.print("login</a> now!");
pw.print("You may want to visit \"My Jabadot\"");
pw.print("and change this password after you log in.");
pw.println("</HTML>");
pw.close( );

// Now we have to mail the URL to the user.
mailBean.setFrom(JDConstants.getProperty("jabadot.mail_from"));
mailBean.setSubject("Welcome to JabaDot!");
mailBean.addTo(email);
mailBean.setServer(JDConstants.getProperty("jabadot.mail.server.smtp"));

// Send Redirect back to top, so user sees just this in URL textfield.
response.sendRedirect("/jabadot/");
%>

After ensuring that you're not already logged in, this page gets
the username and password from the HTML form, checks that both are present,
looks up the name in the password database and, if found, validates the
password. If either the name or the password is wrong, I report a generic
error (this is deliberate security policy to avoid giving malicious users any
more information than they already have (This ancient advice comes from the early days of Unix; you'd be surprised how many sites still don't get it).
If you log in, I put the User object representing
you into the HttpSession, set a little greeting,
and pass control to the main page via a redirect.

Whether logged in or not, you can send a general comment to the
system's administrators via the submit.jsp page. This
simply generates the HTML form shown in Figure 18-13.

Figure 18-13. Input form for comments.jsp.

This form is processed by comments.jsp, shown in Example
18-18, when you press the "Submit Article" button.

This page starts off like the first one. I particularly like the
code that displays a mailto: URL only if the user is logged in. SPAM
perpetrators (see Chapter 19) are notorious for automatically loading entire
web sites just to look for mailto: URLs. This is a good way to fence these
rodents out, since they normally won't go to the trouble of signing up for a
service and providing a real (working) email address just to get one mailto:
URL from your site. There are easier ways to find mailto:'s on other sites;
hopefully the SPAM perps will go there. For extra fun, make up a unique email
address for each user to send mail to, so if you do get spammed, you have an
idea who might have done it.

See Also

There is more to servlets and JSPs than I've got room to tell
you about. These technologies offer an interesting partitioning of code and
functionality. The JSP can be concerned primarily with getting the input and
displaying the results. A JSP can forward to a servlet, or can include or jump
to any other local web resource, like an audio file. Servlets and JSP are
primary parts of the Java Enterprise Edition, and are becoming very important
web server technologies.

For an opposing view (that JSPs are the wrong solution to the
wrong problem), surf on over to http://www.servlets.com/. For more
information on servlets and JSPs, refer to the O'Reilly books Java Servlet Programming and JavaServer Pages.